Have you ever wonder if it’s possible to create, manage and deploy infrastructure as a code using AWS CloudFormation through lambdas?
Some of the benefits i thought while researching this route were:
- Granular control of what is being created, modified or deleted on your infra.
- Easier to migrate to another vendor.
- Faster to deploy multiple resources at the same time.
- Having all wrapped inside AWS stacks.
The initial approach
Creating a resource on an AWS account with a Lambda came with some ideas. The one I tested follows this path:
- A json template file stored inside a bucket.
- One lambda will run and read the json file inside the bucket
- The lambda will “talk” with AWS CloudFormation and send some parameters to create a stack. One of those parameters will be the json template.
- AWS CloudFormation will create the resources specified on the json template.
First you need to put the json template inside a bucket. Feel free to copy the one i used here:
This will create a stack with a public s3 bucket ready to host a website. This file was saved as s3template.json inside a s3 bucket. The parameter you will need is the object URL.
For this test I created a Lambda on python. You can download it here:
Or if you prefer copying it from here, this is how it looks:
import json import boto3 import os from datetime import datetime from urllib.parse import urlparse template_url = "https://yourlink.s3.amazonaws.com/s3template.json" def launch_stack(): cfn = boto3.client('cloudformation') current_ts = datetime.now().isoformat().split('.').replace(':','-') stackname = 'stack-test-from-lambda-s3' + current_ts capabilities = ['CAPABILITY_IAM', 'CAPABILITY_AUTO_EXPAND'] try: stackdata = cfn.create_stack( StackName=stackname, DisableRollback=True, TemplateURL=template_url,ud Capabilities=capabilities) except Exception as e: print(str(e)) return stackdata def lambda_handler(event, context): print("Received event:") stack_result=launch_stack() print(stack_result)
Important: For this to work, when I created the lambda, the role attached to it needed permissions to read S3 resources and writing actions to CloudFormation resources.
You can notice the Template_URL pointing to the s3 object URL that contains the json.
We can go to CloudFormation and see the stack was successfuly created.
Then if you go s3, you will be able to find the new bucket.
We are able to have a lambda which can be triggered in many ways and then it will create resources using CloudFormation and have IaaC along with it.
There are lots of use cases where this can be very helpful. How do you think you can use this?